RSA

RSA • The algorithm was publicly described in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman at MIT • Partly used for PGP (Pretty Good Privacy) to encrypt session keys

RSA – Step 1 • Choose two distinct large random prime numbers p and q, e.g. p = 17 and q = 11 • Let n = p*q, e.g. n=17*11=187 • Choose e such that and e and are coprime • is Euler’s totient

Euler’s Totient • the totient φ(n) of a positive integer n is defined to be the number of positive integers less than or equal to n that are coprime to n. • φ(9)=6 because the six numbers 1, 2, 4, 5, 7 and 8 are coprime to 9

RSA – Step 2 • e.g. e = 7 thus 7 and (17-1)*(11-1) = 160 are coprime • e can be published as the public-key exponent • n is the modulus • This is all that is needed to encrypt

RSA - Encryption • A cyphertext C can be created from a message M using the formulaC = Me(mod n) • Example: Message M is “X” in ASCII 1011000 or 88 in decimal • C = 887(mod 187) = 11

887(mod 187) = [884(mod 187)* 882(mod 187)*881(mod 187)] 881 = 88 = 88(mod 187) 882 = 7,744 = 77(mod 187) 884 = 59,969,536 = 132(mod 187) 887 = 881 *882 *884 = 88*77*132 = 894,432 = 11(mod 187)

RSA - Decryption • Modulus operation is a one way function • Given only the public-key (7,187) the only way to decrypt is through brute-force i.e. try all possible keys • This problem is simplified because you know how the private-key is created.

RSA- Private-key • The decryption key d is created with the following formulae*d = 1(mod(p-1)*(q-1)) • e.g 7*d=1(mod(16*10))7d = 1 (mod 160)d = 23 using Euclid’s algorithm

Extended Euclid’s Algorithm • e * d (mod φ(n) ) = 1 In other words, there is another number also relatively prime to φ(n) that is its reciprocal. • ax + by = gcd(a,b)The extended Euclidean algorithm is particularly useful when a and b are coprime, since x is the modular multiplicative inverse of a modulo b

Extended Euclid’s Algorithm function extended_gcd(a, b) if a mod b = 0 return {0, 1} else {x, y} := extended_gcd(b, a mod b) return {y, x-y*(a div b)} Example: extended_gcd(160, 7 ) := (-1,1+1*22) extended_gcd(7, 160(mod 7) ) := (1,0-1*1) extended_gcd(6, 7(mod 6) ) := (0,1) X = -1 Y=23 23 is the multiplicative inverse of e

RSA - Decryption • Now we have our private-key (d,n) e.g. (23,187) • M = Cd (mod n)M = 1123 (mod 187)M = [111 (mod 187)*112 (mod 187)*114 (mod 187)*1116 (mod 187)](mod 187)M = 11*121*55*154 (mod 187)M = 88 = “X”

RSA - Cryptanalysis • The security of RSA is based on two problems: • The problem of factoring large numbers • The RSA problem

Factoring Large Numbers • RSA-200 is largest number factored so far. It has 200 decimal digits which corresponds to 663 bits • The sieving effort is estimated to have taken the equivalent of 55 years on a single 2.2 GHz Opteron CPU. • The matrix step reportedly took about 3 months on a cluster of 80 2.2 GHz Opterons. The sieving began in late 2003 and the matrix step was completed in May 2005.

RSA Problem • The RSA problem is the task of finding eth roots modulo a composite number N whose factors are not known • In other words to find integer P such that Pe ≡ C (mod N), given integers N, e and C such that N is the product of two large primes, 2 < e < N is coprime to φ(N), and 0 <= C < N. C is chosen randomly within that range • the most efficient means known to solve the RSA problem is to factor the modulus N and thus discover the private key

RSA

RSA

Presentation Transcript

RSA

RSA Encryption

RSA

RSA

RSA-256bit

RSA

RSA

RSA

RSA

RSA

RSA

RSA

RSA

RSA